210bd5ca776cac802796459ef1f454a2f8d26d4ed13bff23651e45293739344d | Triage

Sharing

General

Target

210bd5ca776cac802796459ef1f454a2f8d26d4ed13bff23651e45293739344d
Size

70KB
Sample

221125-j4mbdage5t
MD5

fa99018119e70c0e52e45667dcfdc40e
SHA1

cae9e729dbac92eac1eeb461dfc518d2aa3be5a2
SHA256

210bd5ca776cac802796459ef1f454a2f8d26d4ed13bff23651e45293739344d
SHA512

65396bbc80015ba5e01946534acc49bc8f3602ce5b0c1d62794a223d902647731ca76d36cb1c8d215a93fbff01fcac1ec33c3bb7786b692fc7b3b0dc8a9d5a52
SSDEEP

1536:Zzq+5hRpfvl7IjVTtUL2S3jRfzM59B51yaaJyHEXnYmMszKVOP/m:QjfULdVzup1ybJXnYmMs6OPe

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  210bd5ca776cac802796459ef1f454a2f8d26d4ed13bff23651e45293739344d
- Size
  
  70KB
- MD5
  
  fa99018119e70c0e52e45667dcfdc40e
- SHA1
  
  cae9e729dbac92eac1eeb461dfc518d2aa3be5a2
- SHA256
  
  210bd5ca776cac802796459ef1f454a2f8d26d4ed13bff23651e45293739344d
- SHA512
  
  65396bbc80015ba5e01946534acc49bc8f3602ce5b0c1d62794a223d902647731ca76d36cb1c8d215a93fbff01fcac1ec33c3bb7786b692fc7b3b0dc8a9d5a52
- SSDEEP
  
  1536:Zzq+5hRpfvl7IjVTtUL2S3jRfzM59B51yaaJyHEXnYmMszKVOP/m:QjfULdVzup1ybJXnYmMs6OPe
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2